Access Certifcates for Electronic Services
   Certificate Revocation

 
 

 

The individual making the request for certificate revocation shall either digitally sign requests sent via e-mail, or the individual shall present the request in person to the RA.

Note: Code Signer Certificates are not normally revoked when the code signer departs or is no longer with the organization. If the code signer is suspected of having signed (intentionally or unintentionally) unapproved code, the Code Signer Certificate may be revoked by the IA.

The following authorized parties may request a revocation of a certificate:

Bullet Any End Entity (EE) may request revocation of their own certificate(s) and RAs may request revocation of any EE certificate on behalf of the EE or other authorized party.
Bullet The ORC IA may revoke any certificate within its domain for reasons identified in this CPS.
Bullet Other parties may also request revocation of certificates through a RA or LRA. The RA or LRA shall validate the credentials of the requesting party, and the RA shall determine if the revocation request meets the requirements of Section 4.4.1.1 of the ORC CPS.

If any individual has reason to believe that a certificate private key has been compromised, that individual is required to notify an RA or LRA of the compromise suspicion. It is the responsibility of the RA to investigate the information and determine if certificate revocation is warranted.

If so, the RA shall forward the revocation request along with documentation of the reason for the request to the IA. ORC will send a written notice and brief explanation for the revocation to the subscriber.

If any of the following points apply to your current situation then immediately have your certificate revoked. If your key is compromised, report it to ORC at 1-888-816-5503, or e-mail pkihelp@orc.com immediately.

Circumstances for Revocation

Bullet The certificate holder requests that the certificate be revoked.
Bullet The certificate holder can be shown to have violated the subscriber obligations, including payment of any required fees.
Bullet The certificate holder is no longer authorized to hold the certificate (e.g. termination of employment or change in responsibilities).
Bullet The information in the certificate is no longer accurate, and therefore, identifying information needs to be changed (e.g. change of name or privilege attributes asserted in the subscriber's certificate are reduced).
Bullet The subscriber's employer or organization requests revocation.
Bullet The certificate was obtained by fraud or mistake.
Bullet The certificate was not correctly requested, issued, or accepted.
Bullet The certificate contains incorrect information, is defective, or creates a possibility of incorrect reliance or usage.
Bullet Certificate private key compromise is suspected.
Bullet The certificate holder fails to make a payment or other contractual obligations related to the certificate.
Bullet Subscribers leaving the organizations that sponsored their participation in the PKI shall surrender to their organization's PKI point of contact (through any accountable mechanism) all Cryptographic Hardware Tokens that were issued, under the sponsoring organization, prior to leaving the organization. The PKI point of contact shall zeroize or destroy the token promptly upon surrender and shall protect the token from malicious use between surrender and zeroization or destruction. In all cases, whether software or hardware tokens are involved, the organization shall promptly notify an RA to revoke the certificate and attest to the disposition of the token, via a digitally signed email.
Bullet ORC reserves the right to revoke any ORC ACES issued certificate at its discretion.


Return to Last Page   Revoke an ACES 2048 Certificate
Revoke an ACES 3 2048 Certificate